From 4002470ede339765b8af3074e1ee728c086eea1a Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Wed, 6 Mar 2013 13:30:50 +0000 Subject: Allow testing multiple destinations in one go git-svn-id: svn+ssh://asteria.noreply.org/svn/weaselutils/trunk@589 bc3d92e2-beff-0310-a7cd-cc87d7ac0ede --- tor-exit-ssl-check | 76 ++++++++++++++++++++++++++++++------------------------ 1 file changed, 43 insertions(+), 33 deletions(-) diff --git a/tor-exit-ssl-check b/tor-exit-ssl-check index 38807d7..dafccf5 100755 --- a/tor-exit-ssl-check +++ b/tor-exit-ssl-check @@ -24,8 +24,10 @@ set -e set -u +shopt -s extglob + usage() { - echo "Usage: $0 [-v [-v]] [-d ] []" + echo "Usage: $0 [-v [-v]] [-d ] [:] [[:] [...]]" echo " If torserver-fpr is -, a list of fingerprints is read from stdin" } @@ -61,8 +63,7 @@ fi torserver="$1"; shift -hostname="$1"; shift -port="${1:-443}" +declare -a targets=("$@") socksport=$((RANDOM % 40000 + 20000)) mapaddr="192.0.2.1" @@ -111,7 +112,6 @@ SocksPort $socksport PidFile $pidfile Log $loglevel file $torlog SafeLogging 0 -# MapAddress $mapaddr $hostname.\$$torserver.exit ControlSocket $tmpdir/sock StrictNodes 1 EOF @@ -145,10 +145,15 @@ expect_ok() { fi } -[ "$verbose" = 0 ] || echo "Directly:" -openssl s_client -no_ticket -showcerts -connect "$hostname":"$port" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct" -egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-direct" > "$tmpdir/cert-direct.filtered" -[ "$verbose" = 0 ] || echo "====" +for ((i=0; i < ${#targets[@]}; i++)); do + host="${targets[$i]}" + [ "${host%%+([0-9])}" = "$host" ] && host="$host:443" + + [ "$verbose" = 0 ] || echo "Directly to $host:" + openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-direct-$i" + egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-direct-$i" > "$tmpdir/cert-direct-$i.filtered" + [ "$verbose" = 0 ] || echo "====" +done coproc socat UNIX-CONNECT:"$tmpdir/sock" - 
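Review bot: With `declare -a targets=("$@")` an invocation that passes only the fingerprint is no longer rejected at this point: the removed `hostname="$1"` aborted under `set -u`, while an empty array is accepted. Both target loops added later in this commit then run zero times, so the run would end without a single RESULT line and with none of the error bits from the comparison loop set, which reads like a clean result. Unless the argument-count test above this hunk (not visible here) already requires a target, add `[ "${#targets[@]}" -gt 0 ] || { usage >&2; exit 1; }` right after the assignment.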
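Review bot: The default-port test `[ "${host%%+([0-9])}" = "$host" ]` in the new direct-connection loop asks whether the target ends in a digit, not whether it ends in `:port`, so a bare IPv4 address or a name such as `host1` reaches `-connect` without a port. The direct and the Tor run then probably fail in the same way, and identical error output can land in the "No real differences" branch, a false all-clear for a tool meant to spot certificate tampering. Anchor the pattern on the colon instead: `[ "${host%:+([0-9])}" != "$host" ] || host="$host:443"`. The same line is repeated in the per-exit loop of the last hunk; normalising once where `targets` is filled would keep the two loops in agreement.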
@@ -176,31 +181,36 @@ while : ; do echo "SETCONF ExitNodes=\$$server" >&${COPROC[1]} expect_ok - rm -f "$tmpdir/cert-tor" "$tmpdir/cert-tor.filtered" - - [ "$verbose" = 0 ] || echo "Via $server:" - TORSOCKS_CONF_FILE="$tmpdir/torsocks.conf" torify openssl s_client -no_ticket -showcerts -connect "$hostname":"$port" < /dev/null 2>&1 | eatdata "$tmpdir/cert-tor" - - egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-tor" > "$tmpdir/cert-tor.filtered" - - if diff "$tmpdir/cert-tor.filtered" "$tmpdir/cert-direct.filtered" > /dev/null; then - echo "RESULT: $server: No real differences." - [ "$verbose" = 0 ] || diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true - elif egrep '^connect:errno=' "$tmpdir/cert-tor" > /dev/null; then - [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true - echo "RESULT: $server: Connect failed" - errors=$((errors | 0x02)) - elif egrep '^[0-9]*:error:.*:ssl handshake failure:' "$tmpdir/cert-tor" > /dev/null; then - [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true - echo "RESULT: $server: SSL Handshake failed" - errors=$((errors | 0x04)) - else - echo "RESULT: $server: differences!" 
- [ "$verbose" = 0 ] || echo "====" - [ "$verbose" = 0 ] || echo "Diff:" - diff -U100 "$tmpdir/cert-tor" "$tmpdir/cert-direct" || true - errors=$((errors | 0x08)) - fi + for ((i=0; i < ${#targets[@]}; i++)); do + host="${targets[$i]}" + [ "${host%%+([0-9])}" = "$host" ] && host="$host:443" + + rm -f "$tmpdir/cert-tor-$i" "$tmpdir/cert-tor-$i.filtered" + + [ "$verbose" = 0 ] || echo "Via $server to $host:" + TORSOCKS_CONF_FILE="$tmpdir/torsocks.conf" torify openssl s_client -no_ticket -showcerts -connect "$host" < /dev/null 2>&1 | eatdata "$tmpdir/cert-tor-$i" + + egrep -v '(Session-ID|Master-Key|Start Time):' < "$tmpdir/cert-tor-$i" > "$tmpdir/cert-tor-$i.filtered" + + if diff "$tmpdir/cert-tor-$i.filtered" "$tmpdir/cert-direct-$i.filtered" > /dev/null; then + echo "RESULT: $server: No real differences." + [ "$verbose" = 0 ] || diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true + elif egrep '^connect:errno=' "$tmpdir/cert-tor-$i" > /dev/null; then + [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true + echo "RESULT: $server: Connect failed" + errors=$((errors | 0x02)) + elif egrep '^[0-9]*:error:.*:ssl handshake failure:' "$tmpdir/cert-tor-$i" > /dev/null; then + [ "$verbose" -lt 1 ] || diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true + echo "RESULT: $server: SSL Handshake failed" + errors=$((errors | 0x04)) + else + echo "RESULT: $server: differences!" + [ "$verbose" = 0 ] || echo "====" + [ "$verbose" = 0 ] || echo "Diff:" + diff -U100 "$tmpdir/cert-tor-$i" "$tmpdir/cert-direct-$i" || true + errors=$((errors | 0x08)) + fi + done [ "$torserver" = "-" ] || break done -- cgit v1.2.3
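Review bot: The four `RESULT:` lines in the new inner loop still name only `$server`, so with more than one target and without `-v` the output does not say which destination matched, failed to connect or differed. Add the target to each of them, e.g. `echo "RESULT: $server: $host: differences!"`; anything that parses the old format would need adjusting. `errors` is also OR-ed across all targets, so if it feeds the exit status (presumably, not visible here) the status cannot tell which destination was affected. The enclosing `while` loop starts above the hunk.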